Commit Graph

29894 Commits

Author SHA1 Message Date
Martin Schwaighofer
f6ee247a1f sd-image: make firmware partition deterministic
Based on how it works for the EFI partition of an iso-image at
nixos/modules/installer/cd-dvd/iso-image.nix.
2022-10-22 12:11:30 +02:00
Emil Karlson
082bc22205 nixos/dokuwiki: Use stateDir everywhere
Current module does not use non-default stateDir everywhere.

Statedir has a consistent default, use the cfg.stateDir everywhere
unconditionally.
2022-10-22 09:02:23 +03:00
Sandro Jäckel
17f2c5ba71
nixos/changedetection-io: fix container having no network 2022-10-22 02:14:41 +02:00
github-actions[bot]
9af095c466
Merge staging-next into staging 2022-10-22 00:05:07 +00:00
github-actions[bot]
c8a9826fe2
Merge master into staging-next 2022-10-22 00:04:37 +00:00
Sandro
0d1e0a9f80
Merge pull request #191061 from Izorkin/update-peertube-nginx 2022-10-22 00:02:11 +02:00
Sandro
67e4972c5d
Merge pull request #195745 from virusdave/patch-1 2022-10-22 00:00:52 +02:00
Sandro
d4f4e5f099
Merge pull request #189718 from rnhmjoj/pr-pcsc-polkit 2022-10-21 23:16:21 +02:00
ajs124
3dd1098f45
Merge pull request #195567 from helsinki-systems/feat/jenkins-jdk17
nixos/jenkins: jdk11 -> jdk17
2022-10-21 22:59:03 +02:00
Martin Weinelt
80fc469031 Merge remote-tracking branch 'origin/master' into staging-next 2022-10-21 22:33:42 +02:00
Luflosi
a255c43f44
nixos/kubo: convert to RFC42-style settings 2022-10-21 20:54:00 +02:00
Elis Hirwing
844715a8b9
Merge pull request #196819 from Stunkymonkey/freshrss-api-fix
freshrss: fix greader-api
2022-10-21 19:56:55 +02:00
Jonas Heinrich
c54a28030f nixos/httpd: Make option adminAddr optional 2022-10-21 09:12:25 -04:00
rnhmjoj
3bb69836cb
nixos/profiles/minimal: don't install freedesktop files
This saves about 25M from the closure size of:

$ nix build -f nixos system --arg configuration '
  { imports = [ ./nixos/modules/profiles/minimal.nix ];
    fileSystems."/".label="root";
    boot.loader.grub.device = "nodev";
  }'
2022-10-21 14:54:38 +02:00
KFears
89e30315e0 nixos/grafana: refactor dashboards for RFC42
This commit refactors `services.grafana.provision.dashboards` towards
the RFC42 style. To preserve backwards compatibility, we have to jump
through a ton of hoops, introducing esoteric type signatures and bizarre
structs. The Grafana module definition should hopefully become a lot
cleaner after a release cycle or two once the old configuration style is
completely deprecated.
2022-10-21 16:42:30 +04:00
rnhmjoj
c90b6a859b
nixos/pcscd: allow use without polkit
The polkit support in pcsclite is entirely optional but package enables
it unconditionally and this breaks connecting to the pcscd daemon on
systems without polkit.

The fix is making this configurable and automatically disabling
`polkitSupport` when the polkit service is disabled.
2022-10-21 13:06:40 +02:00
Anderson Torres
77b67a2524
Merge pull request #196862 from atorres1985-contrib/hypr
hypr: init at unstable-2022-05-25
2022-10-21 08:00:20 -03:00
Florian Klink
690ccd9c4a
Merge pull request #196917 from flokli/nsncd
nixos/nscd: add option to use nsncd, init nsncd
2022-10-21 11:22:17 +02:00
Jan Tojnar
c789af6065 gnome._gdkPixbufCacheBuilder_DO_NOT_USE: Extract from nixos/gdk-pixbuf
Unlike previously, we now fail loudly when a package not containing a gdk-pixbuf modules is passed.
2022-10-21 10:06:24 +02:00
Florian Klink
a86e080fa4 nixosTests.nscd: add nsncd specialisation
This shows that nsncd successfully passes all the tests that we run
against glibc-nscd.
2022-10-21 09:37:18 +02:00
Florian Klink
e7bc3e7504 nixosTests.nscd: dump nscd socket info with sockdump
This dumps what's sent over the nscd socket to the console output, which
allows debugging.
2022-10-21 09:37:18 +02:00
Florian Klink
aee40c2d8a nixos/nscd: add enableNsncd option
When set, this switches from using nscd to using nsncd.

It's a protocol-compatible, non-caching and much less flaky alternative.
2022-10-21 09:37:18 +02:00
AndersonTorres
af3779f819 nixos/hypr: add module 2022-10-21 00:01:43 -03:00
github-actions[bot]
c434165354
Merge master into staging-next 2022-10-21 00:05:50 +00:00
Guillaume Girol
91a3819bad
Merge pull request #177273 from dali99/escape-systemd
Make escapeSystemdPath implement the correct systemd escaping algorithm
2022-10-20 19:15:31 +00:00
Sandro
c9719e7fd6
Merge pull request #189269 from Tom-Hubrecht/ntfy-sh 2022-10-20 20:50:34 +02:00
Sandro
89e49d87d3
Merge pull request #196488 from SuperSandro2000/changedetectionio 2022-10-20 20:25:36 +02:00
Daniel Olsen
3251123a77 nixos/lib.escapeSystemdPath: Implement the correct algorithm for escaping names in systemd units
Co-authored-by: ajs124 <git@ajs124.de>
2022-10-20 20:12:15 +02:00
github-actions[bot]
80317024cf
Merge master into staging-next 2022-10-20 18:10:43 +00:00
Dave Nicponski
1a73877305 Tweak nginx config for Let's Encrypt ACME challenges
Currently, this is using a "URI prefix match", but per nginx docs,

```
[...] the location with the longest matching prefix is selected and remembered. Then regular expressions are checked, in the order of their appearance in the configuration file. The search of regular expressions terminates on the first match, and the corresponding configuration is used. If no match with a regular expression is found then the configuration of the prefix location remembered earlier is used.
```
which means a config like this (from wordpress service) will override that
```
locations = {
          "~ /\\." = {
            priority = 800;
            extraConfig = "deny all;";
          };
};
```
😱
Luckily, from nginx docs:
```
If the longest matching prefix location has the “^~” modifier then regular expressions are not checked.
```

Whew!
2022-10-20 10:59:28 -04:00
Bernardo Meurer
d473597e33
Merge pull request #196904 from hercules-ci/nixos-nixpkgs-only-error-when-used 2022-10-20 09:10:29 -04:00
github-actions[bot]
ee0190d830
Merge master into staging-next 2022-10-20 12:01:25 +00:00
Izorkin
abdcfec3a0
nixos/peertube: add nginx configuration 2022-10-20 14:49:51 +03:00
Florian Klink
7987b41d44 nixos/nscd: nixpkgs-fmt 2022-10-20 13:15:16 +02:00
Florian Klink
a3b07e3693 nixosTests.nscd: update subtest name and comment
test_host_lookups can be used against different daemons speaking the
nscd protocol.
2022-10-20 13:15:16 +02:00
Robert Hensing
1e9864c85e nixos/nixpkgs: Only error when nixpkgs options are actually used 2022-10-20 11:19:20 +02:00
Janne Heß
24167c94f0
Merge pull request #196337 from SuperSandro2000/update-users-groups
nixos/update-users-groups.pl: sort json file for better reproducibility
2022-10-20 11:11:49 +02:00
LuoChen
b9d9daf749 synergy: fix services.synergy.server.tls.cert (#196867) 2022-10-20 12:34:45 +08:00
github-actions[bot]
aac580f88f
Merge master into staging-next 2022-10-20 00:05:13 +00:00
Felix Bühler
27e5ca478b
Merge pull request #196140 from uninsane/pr/freshrss-patchShebangs
freshrss: patchShebangs instead of specifying interpreter at use site
2022-10-20 00:03:13 +02:00
Sandro
ab6c14bf9a
Merge pull request #196624 from Minion3665/replace-polymc-with-prismlauncher 2022-10-19 23:36:35 +02:00
Felix Buehler
fe9fb739a9 freshrss: fix greader-api 2022-10-19 23:34:26 +02:00
Sandro Jäckel
c9aab9ba97
nixos/changedetection-io: init 2022-10-19 21:33:31 +02:00
github-actions[bot]
958cbc7d51
Merge master into staging-next 2022-10-19 18:09:25 +00:00
Skyler Grey
49c81f001c
release-notes: state that PolyMC has been replaced 2022-10-19 19:06:55 +01:00
Skyler Grey
fcbbc69f13
release-notes-2205: suggest using prismlauncher
- Previously PolyMC was the suggested replacement for MultiMC
- As PolyMC is marked as insecure and prismlauncher is a replacement,
  this commit suggests using it instead
2022-10-19 19:06:54 +01:00
Domen Kožar
d2cfe468f8
Merge pull request #196728 from veehaitch/github-runner-new-pats
nixos/github-runner: support fine-grained personal access tokens
2022-10-19 14:40:23 +02:00
Martin Weinelt
5d2330ddb5
Merge pull request #195760 from jmbaur/prometheus-kea-exporter 2022-10-19 14:02:15 +02:00
github-actions[bot]
bbaff9a043
Merge master into staging-next 2022-10-19 12:01:22 +00:00
Vincent Haupert
ea8cf2e486 nixos/github-runners: support fine-grained personal access tokens
Add support for GitHub's new fine-grained personal access tokens [1]. As
opposed to the classic PATs, those start with `github_pat_` instead of
`ghp_`.

Make sure to use a token which has read and write access to the
"Administration" resource group [2] to allow for registrations of new
runners.

[1] https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/

[2] https://docs.github.com/en/rest/overview/permissions-required-for-github-apps#administration
2022-10-19 13:50:34 +02:00
Domen Kožar
ff27dc3a09
Merge pull request #176691 from codedownio/multiple-github-runners
GitHub runners: configurable user, environment, and service overrides + multiple runners
2022-10-19 13:38:23 +02:00
Tom McLaughlin
c2cc9aeafd Use config name by default, falling back to attr name 2022-10-19 03:33:30 -07:00
Jan Tojnar
457f28f6f8 Merge branch 'master' into staging-next
; Conflicts:
;	pkgs/development/tools/codespell/default.nix

codespell 2.2.2 switched to pyproject & setuptools_scm:
https://github.com/codespell-project/codespell/pull/2523
2022-10-19 05:24:28 +02:00
Tom Hubrecht
bbf5ba11b4
nixos/ntfy-sh: init 2022-10-19 02:20:16 +02:00
Sandro
e188e93b8f
Merge pull request #196477 from MatthewCroughan/mc/stateless-cups 2022-10-18 23:22:12 +02:00
Atemu
bf6d84958d rl-2211: document nix.checkConfig option changes
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2022-10-18 21:43:52 +02:00
Atemu
ef70bdd10f nixos/nix-daemon: make checkConfig fully disable nix.conf validation
A new option checkAllErrors is introduced which implements the old checkConfig
toggle behaviour

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2022-10-18 21:42:31 +02:00
Sandro
2917c9a67e
Merge pull request #195205 from NULLx76/vmagent 2022-10-18 21:16:10 +02:00
Sandro
7307c3ae6c
Merge pull request #191922 from NukaDuka/karma 2022-10-18 21:10:04 +02:00
digital
f4ccaa51e0 nixos/containers: support nixpkgs.hostPlatform
Use hostPlatform if both the host and the containers nixpkgs supports
hostPlatform, otherwise fall back to localSystem. This preseves backwards
compatibility.
2022-10-18 19:15:26 +02:00
Robert Hensing
314959198f
Merge pull request #196447 from Cynerd/oci-container-docker
nixos/modules/virtualisation: fix oci-containers with docker
2022-10-18 15:06:18 +02:00
Robert Hensing
14a822f72a
Merge pull request #196281 from hercules-ci/restore-nixos-test-dx
nixos: Restore test DX
2022-10-18 11:38:37 +02:00
Robert Hensing
6259b29f29
Merge pull request #194035 from Ma27/show-option-quoting
lib/options/showOption: fix quoting of attr-names that are not identifiers
2022-10-18 11:31:54 +02:00
matthewcroughan
a99ab1fbc1 nixos/printing: add services.printing.stateless option
This will remove all state directories related to CUPS on startup, which
is particularly useful for guaranteeing that printer discovery works
more reliably on some networks, since CUPS will no longer be able to
store state that effects the next run of the service, such as old
printer names and mDNS information.

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2022-10-17 22:59:24 +01:00
Jean-François Roche
dc529302fe
nixos: add cachix watch-store service
Self hosted CI push built packages asynchronously to cachix using a service.

Based on @Mic92 [code](https://github.com/cachix/cachix/issues/370#issuecomment-817081937)
2022-10-17 18:24:03 +02:00
Karel Kočí
76e1e908c1
nixos/modules/virtualisation: fix oci-containers with docker
The empty attribute set is invalidly provided as service config and
results in evaluation error.
2022-10-17 16:11:56 +02:00
github-actions[bot]
969a1796ef
Merge master into staging-next 2022-10-17 12:01:24 +00:00
Vladimír Čunát
8b880dd5d1
Merge #195505: nixosTests: avoid some broken ones, fix some others 2022-10-17 09:09:53 +02:00
Tom McLaughlin
5221e7af04 Add comments to explain about the name defaults 2022-10-17 00:04:52 -07:00
Tom McLaughlin
2c099d1a14 Set runner name to attr name for github-runners.${name} 2022-10-17 00:01:04 -07:00
github-actions[bot]
ab4849492d
Merge master into staging-next 2022-10-17 06:24:16 +00:00
Sarah Brofeldt
85d3faa877
Merge pull request #196218 from qowoz/k8s
kubernetes: drop e2e tests
2022-10-17 06:33:01 +02:00
Sandro Jäckel
62cace13fe nixos/update-users-groups.pl: sort json file for better reproducibility 2022-10-17 02:37:23 +02:00
github-actions[bot]
18a6423900
Merge master into staging-next 2022-10-17 00:04:21 +00:00
Yarny0
cce8f0a3e3
tsm-client: 8.1.15.1 -> 8.1.15.2, pin openssl version (#193556) 2022-10-17 01:31:05 +02:00
Christian Kögler
46431c0819
Merge pull request #196286 from NickCao/nixos-iwd
nixos/iwd: allow setting iwd package
2022-10-16 21:02:05 +02:00
Christian Kögler
6208451903
Merge pull request #195380 from pacien/nixos-neovim-managed-config-rc-note
nixos/neovim: add note about not loading init.vim
2022-10-16 21:00:00 +02:00
Christian Kögler
daba20d006
Merge pull request #196301 from bobvanderlinden/pr-nixos-dwm-package
nixos/dwm: add package option
2022-10-16 20:47:01 +02:00
Bob van der Linden
0d07870dc5
nixos/dwm: add package option 2022-10-16 20:34:28 +02:00
Maximilian Bosch
a914b9460d
Merge pull request #193075 from Ma27/nextcloud-pkg-fix
fetchNextcloudApp: rewrite with fetchzip & applyPatches
2022-10-16 20:07:57 +02:00
Maximilian Bosch
a2134c24a4
Merge pull request #195808 from mayflower/fix-wordpress-fonts-dir
nixos/wordpress: make fonts directory writable
2022-10-16 20:05:09 +02:00
github-actions[bot]
f52955a521
Merge master into staging-next 2022-10-16 18:01:42 +00:00
Maximilian Bosch
b55eefa3bd
Merge pull request #195703 from Ma27/bump-grafana
grafana: 9.1.7 -> 9.2.0
2022-10-16 19:33:14 +02:00
Nick Cao
46982f4194
nixos/iwd: allow setting iwd package 2022-10-16 23:12:26 +08:00
Robert Hensing
1d9b913088 nixos/lib/testing: Delay nodes.machine.~config~ migration
Provide a window during which both solutions are valid without
warnings, in order to fight warning fatigue, and not to push 3rd
party repo maintainers to add unnecessary compat code.
2022-10-16 16:30:21 +02:00
Robert Hensing
611f247810 nixos/tests: Generalize nix-build file.nix hack to testing-python.nix 2022-10-16 16:30:20 +02:00
github-actions[bot]
e648107a22
Merge master into staging-next 2022-10-16 06:06:19 +00:00
zowoq
6f983050bb nixos/kubernetes: use package from config 2022-10-16 12:38:50 +10:00
zowoq
d58290cffa kubernetes: drop e2e tests
these tests never worked
2022-10-16 12:38:21 +10:00
Johan Thomsen
38ea9bc083 nixos/manual/kubernetes: re-enabling of insecure ports is no longer possible 2022-10-16 10:13:05 +10:00
Johan Thomsen
6ec7298ead nixos/kubernetes: modularized tests 2022-10-16 10:13:05 +10:00
Johan Thomsen
ae712870af nixos/kubernetes: drop obsolete options/cmdline flags 2022-10-16 10:13:05 +10:00
Martin Weinelt
51fcbf5bb7 Merge remote-tracking branch 'origin/master' into staging-next 2022-10-16 00:18:40 +02:00
Florian Klink
80e4946f38
Merge pull request #177406 from davidkna/podman-gen
nixos/virtualisation.oci-containers: follow podman-generated systemd units more closely
2022-10-15 22:10:55 +02:00
Alexander Bantyev
6babc092ca
Merge pull request #196185 from mkaito/mkaito/serokell-team
maintainers: remove mkaito from serokell team
2022-10-15 23:44:14 +04:00
Dennis Gosnell
e9305a371f Merge remote-tracking branch 'origin/master' into haskell-updates 2022-10-15 11:58:34 -04:00
Dennis Gosnell
1445c56426 termonad: remove top-level termonad-with-packages alias 2022-10-15 11:49:02 -04:00
Jörg Thalheim
8324b6efd3
Merge pull request #196147 from Mic92/systemd-boot-delete-old-specialisation
Systemd boot delete old specialisation
2022-10-15 17:36:28 +02:00
Jörg Thalheim
42c9492829 nixos/systemd-boot: decrease catch scope for ValueError 2022-10-15 16:41:38 +02:00
Azat Bahawi
e04579e7cd nixos/please: init module
Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>
2022-10-15 07:05:10 -07:00
Robert Scott
4f54ef201d gocd-server: 19.3.0 -> 22.2.0 2022-10-15 13:34:50 +01:00
rnhmjoj
8a45db4fb9
nixosTests.custom-ca.midori: fix 2022-10-15 14:05:59 +02:00
Francesco Gazzetta
b6f2a1382d
nixosTests.domination: fix the test 2022-10-15 14:05:47 +02:00
Vladimír Čunát
19d127f8c8
nixosTests.cloud-init: broken = true;
https://hydra.nixos.org/job/nixos/trunk-combined/nixos.tests.cloud-init.x86_64-linux/all
2022-10-15 14:05:47 +02:00
Vladimír Čunát
3371c7f004
nixosTests.systemd-cryptenroll: broken = true;
https://hydra.nixos.org/job/nixos/trunk-combined/nixos.tests.systemd-cryptenroll.x86_64-linux/all
2022-10-15 14:05:47 +02:00
Vladimír Čunát
92cbe74537
nixosTests.terminal-emulators.contour: drop
https://hydra.nixos.org/job/nixos/trunk-combined/nixos.tests.terminal-emulators.contour.x86_64-linux/all
2022-10-15 14:03:25 +02:00
Vladimír Čunát
823242c42d
nixosTests.terminal-emulators.wezterm: drop
https://hydra.nixos.org/job/nixos/trunk-combined/nixos.tests.terminal-emulators.wezterm.x86_64-linux/all
2022-10-15 14:03:24 +02:00
Vladimír Čunát
ad2f58729a
nixosTests.mjolnir: broken = true;
https://hydra.nixos.org/job/nixos/trunk-combined/nixos.tests.mjolnir.x86_64-linux/all
2022-10-15 14:03:24 +02:00
Vladimír Čunát
00220b4245
nixosTests.wine.wineWowPackages-wayland: drop
https://hydra.nixos.org/job/nixos/trunk-combined/nixos.tests.wine.wineWowPackages-wayland.x86_64-linux/all
2022-10-15 14:03:24 +02:00
Vladimír Čunát
1e58b84405
Merge #195650: nixosTests.vscodium: fix .wayland test
... by allowing more expressions to satisfy save file dialog.
2022-10-15 13:39:15 +02:00
github-actions[bot]
4f07e7f326
Merge master into staging-next 2022-10-15 06:07:54 +00:00
zowoq
bb884d6a1e nixosTests.traefik: enable on aarch64-linux 2022-10-15 14:29:46 +10:00
zowoq
ff30f8a429 nixosTests.podman*: enable on aarch64-linux 2022-10-15 14:29:46 +10:00
zowoq
d50ee203f7 nixosTests.oci-containers: enable on aarch64-linux 2022-10-15 14:29:46 +10:00
zowoq
0a8746ca85 nixosTests.{docker,docker-rootless}: enable on aarch64-linux 2022-10-15 14:29:46 +10:00
zowoq
9286419109 nixosTests.cri-o: enable on aarch64-linux 2022-10-15 14:29:46 +10:00
zowoq
8b4bbd6919 nixosTests.cfssl: enable on aarch64-linux 2022-10-15 14:29:46 +10:00
github-actions[bot]
b4b0b7d41b
Merge master into haskell-updates 2022-10-15 00:20:09 +00:00
github-actions[bot]
886633ba43
Merge master into staging-next 2022-10-15 00:04:00 +00:00
Sandro
bdca71e9c0
Merge pull request #191924 from SuperSandro2000/ddclient-daemon 2022-10-14 23:52:14 +02:00
Benjamin Smith
e55474ecc3 requested review changes, and kafka 3.3 2022-10-14 12:52:05 -07:00
github-actions
8231febc5d Apache Kafka upgrade to 3.x 2022-10-14 12:47:06 -07:00
github-actions[bot]
14fe809072
Merge master into staging-next 2022-10-14 18:02:25 +00:00
Bernardo Meurer
71f2836fba
Merge pull request #184770 from NickCao/kernel-keyring 2022-10-14 09:46:01 -03:00
github-actions[bot]
cc090d2b94
Merge master into staging-next 2022-10-14 12:01:35 +00:00
Ninjatrappeur
8e3b02dc7d
Merge pull request #194916 from flokli/nixos-test-nscd 2022-10-14 11:54:37 +02:00
Florian Klink
dea7647814 nixosTests.nscd: drop _gateway lookups
This has shown to be flaky in the VM test, at least when running on
the aarch64 ofborg builder(s).

I assume it's some flakyness in systemd-networkd not being fully up, or
at least not up to the point that it properly replies to the _gateway
request.

This part of the test is supposed to test external (non-glibc) nss
module lookup for the host database works, which is already sufficiently
covered in the previous checks (for *.localhost). Drop these redundant
checks. We're not integration-testing networkd here.
2022-10-14 11:26:48 +02:00
Florian Klink
f08b8d6cfa nixosTests.nscd: test unscd as well
This shows that external nss module resolution is broken with unscd.
2022-10-14 10:07:11 +02:00
github-actions[bot]
283841a1ce
Merge master into staging-next 2022-10-14 06:20:50 +00:00
colin
9443d83e6f freshrss: patchShebangs instead of specifying interpreter at use site
this makes it easier for one to manually administer freshrss.
for example, i can import OPML from the CLI like:

```
$ nix build .#freshrss
$ freshrss FRESHRSS_DATA_PATH=/var/lib/freshrss ./result/cli/import-for-user.php --user admin --file my-opml.opml
```

whereas previously i would have needed to include
`environment.systemPackages = [ php ];` in my system for that to work.
2022-10-13 21:46:04 -07:00
Timothy DeHerrera
912a3deedc
Merge pull request #110197 from milahu/patch-1
firewall: move rpfilter to mangle.PREROUTING to fix conntrack
2022-10-13 21:04:40 -06:00
Tom McLaughlin
fc8fdb03a0 Try simpler github-runner.nix 2022-10-13 19:54:36 -06:00
Tom McLaughlin
69d9538b34
Update nixos/modules/services/continuous-integration/github-runners.nix
Co-authored-by: Vincent Haupert <mail@vincent-haupert.de>
2022-10-13 18:53:25 -06:00
Tom McLaughlin
cf1b952988
Update nixos/modules/services/continuous-integration/github-runner.nix
Co-authored-by: Vincent Haupert <mail@vincent-haupert.de>
2022-10-13 18:49:02 -06:00
github-actions[bot]
9602cb4aa1
Merge master into haskell-updates 2022-10-14 00:21:48 +00:00
Martin Weinelt
c728598b84 Merge remote-tracking branch 'origin/staging-next' into staging 2022-10-13 23:29:04 +02:00
Florian Klink
d90ffb83c2
Merge pull request #195154 from veehaitch/networkd-ipv6-pd
nixos/networkd: add/adopt IPv6 options
2022-10-13 23:00:26 +02:00
Maximilian Bosch
5afde0064a
nixos/wordpress: make fonts directory writable
Needed to host e.g. google fonts locally.
2022-10-13 17:30:22 +02:00
github-actions[bot]
62bcf0ac62
Merge staging-next into staging 2022-10-13 12:02:06 +00:00
victor
28d2fcc400 vmagent: init at 1.82.0 2022-10-13 13:32:47 +02:00
Maximilian Bosch
0df6c52026
nixos/grafana: ensure that declarative prometheus data-sources don't use direct access
Support for that was permanently dropped in Grafana 9.2.0, see also
f30795b088
2022-10-13 10:28:29 +02:00
K900
803f180021
Merge pull request #191357 from K900/plasma-beta
Plasma 5.26.0, KDE Frameworks 5.99
2022-10-13 10:31:12 +03:00
Vladimír Čunát
00a757ed3f
Merge branch 'master' into staging 2022-10-13 08:27:55 +02:00
Vladimír Čunát
7a94322ed7
Merge #182618: GNOME 42 → 43 2022-10-13 08:14:27 +02:00
Jared Baur
5d79c93d77
nixos/prometheus-kea-exporter: Fix ExecStart arguments
The current `ExecStart` will not allow for multiple sockets to properly
be passed to the program since the extra newline character is interpreted to
be part of the socket path.
2022-10-12 20:39:09 -07:00
github-actions[bot]
b405702c7f
Merge master into haskell-updates 2022-10-13 00:20:20 +00:00
Artturi
e66d2fd89d
Merge pull request #194256 from Artturin/treewides2 2022-10-13 00:08:01 +03:00
Thiago Kenji Okada
b87716afc9
Merge pull request #188881 from shadaj/patch-4
nixos/restic: make it possible to use the existing backup cache for prune/check
2022-10-12 21:26:00 +01:00
Maximilian Bosch
955e01095a
grafana: 9.1.7 -> 9.2.0
ChangeLog: https://github.com/grafana/grafana/releases/tag/v9.2.0

Also fixed the test: the default value for the admin email address is
now `admin@localhost`[1].

[1] 39102c6656
2022-10-12 20:45:15 +02:00
K900
37a64594bd nixos/plasma-bigscreen: enable uinput correctly
This is required for plasma-remotecontrollers to actually work.
Make sure to also add your user to the `uinput` group.
2022-10-12 20:28:53 +03:00
Shadaj Laddad
dd34f474ed nixos/restic: make it possible to use the existing backup cache for prune/check
Configures the `--cache-dir` parameter for the prune and check commands run after backing up. For `check`, also adds a `checkOpts` flag to enable using the cache, since that is disabled by default.
2022-10-12 09:09:27 -07:00
K900
5e62c78f4b nixos/plasma5: add very basic plasma-bigscreen module 2022-10-12 17:15:56 +03:00
Stanisław Pitucha
d2afb051ff
Merge pull request #195210 from yorickvP/guake
guake: 3.6.3 -> 3.9.0
2022-10-12 22:12:57 +11:00
Patrick Hilhorst
1bb6ca7fe1
nixosTests.vscodium: allow more expressions to satisfy save file dialog
Previously was not clearing due to OCR glitch, should be more robust now. Also commented out the 'quit', which was also failing.
2022-10-12 11:38:31 +02:00
Yorick van Pelt
0d6d7a1fc1
release-notes: update release notes about mysql57 drop 2022-10-12 11:02:14 +02:00
Yorick van Pelt
a5c9290979
mysql57: drop
Mysql 5.7 is not EOL yet, but is quite old and fully replaceable
by mysql 8.0 or mariadb.
2022-10-12 11:02:14 +02:00
Pascal Bach
1ca4c178dd
Merge pull request #195488 from KoviRobi/gitlab-runner-clear-docker-cache
Gitlab runner clear docker cache
2022-10-12 07:56:46 +02:00
github-actions[bot]
7e82e2594e
Merge master into haskell-updates 2022-10-12 00:23:04 +00:00
Robert Hensing
129fd1ab27
Merge pull request #194530 from colemickens/stage-1-systemd-luksroot-toString-fix
nixos: luksroot: toString-ify keyFileSize usage
2022-10-12 00:00:35 +01:00
Florian Klink
3ff0a8f840
Merge pull request #189676 from zhaofengli/cryptenroll
systemd: Fix systemd-{cryptenroll,cryptsetup} TPM2 and FIDO2 support (attempt #3)
2022-10-12 00:56:04 +02:00
Patrick Jackson
4c69843460 nixos/mullvad-vpn: change dependency for the daemon to pkg mullvad 2022-10-11 12:37:49 -07:00
ajs124
18a17d11ff nixos/jenkins: jdk11 -> jdk17
see https://www.jenkins.io/doc/upgrade-guide/2.361/
we'll need to do this eventually, not sure when the best point in time is
2022-10-11 21:16:37 +02:00
Sandro
9278ee48fc
Merge pull request #191977 from yurrriq/kops-1.25.0 2022-10-11 20:56:45 +02:00
Vincent Haupert
bfed63047d release-notes: mention breaking changes w/r/t systemd-networkd 250 2022-10-11 19:00:49 +02:00
Bobby Rong
35dffb9f93 pantheon.elementary-tasks: Mark as broken
Does not build with e-d-s 3.45+ / libsoup 3 and porting is likely not easy.
2022-10-11 18:52:33 +02:00
Jan Tojnar
fed9f9420e release-notes: Mention GNOME 43 2022-10-11 18:52:31 +02:00
Jan Tojnar
0e989a5bd9 gnome.nautilus: 43.alpha → 43.beta
https://gitlab.gnome.org/GNOME/nautilus/-/compare/43.alpha...43.beta

Also change the environment variable name to prevent crashes when running in an old environment.

Changelog-Reviewed-By: Jan Tojnar <jtojnar@gmail.com>
2022-10-11 18:52:15 +02:00
Jan Tojnar
b8e21f065b librsvg: remove installed tests
Build will start failing with the following error in 2.55.1 due to `/build/librsvg-2.55.1/.libs` ending up in rpath:

    RPATH of binary /nix/store/78k70limslvxs6y98hdirbcixl3car1q-librsvg-2.55.1-installedTests/libexec/installed-tests/RSVG/api contains a forbidden reference to /build/
2022-10-11 18:52:13 +02:00
Jan Tojnar
50c6895e77 gnome-browser-connector: 10.1 → 42.0
https://discourse.gnome.org/t/split-and-rename-of-chrome-gnome-shell/11075
815ec9e1af...v42.0

- Renamed and split into a separate repo from the extensions.
- CMake build replaced with Meson (jq also not needed)
- requests Python module not needed since updates are now solely handled by GNOME Shell itself

Also

- Corrected license
- Cleaned up the module
- Replaced PYTHONPATH in a wrapper by Python environment

Changelog-Reviewed-By: Jan Tojnar <jtojnar@gmail.com>
2022-10-11 18:52:12 +02:00
Martin Weinelt
8a6466ecd3
Merge pull request #195295 from mweinelt/networkd-ia-pd-kea 2022-10-11 15:37:05 +02:00
Martin Weinelt
d97e915faf
nixos/tests/chromium: Enable on aarch64-linux 2022-10-11 15:33:42 +02:00
Martin Weinelt
08991fc87a
nixos/release-small: Test uefi cdrom 2022-10-11 15:33:42 +02:00
Martin Weinelt
4b6758f83e
nixos/release-combined: Enable more jobs on aarch64-linux 2022-10-11 15:33:42 +02:00
Martin Weinelt
373c1a8e43
installer: enable xe-guest-utilities only on x86
Tries to find a target specific makefile for aarch64 which does not
exist.
2022-10-11 15:33:42 +02:00
Martin Weinelt
8f366cbfcc
installer: enable vmware guest support on x86 only
The vmware guest module asserts on this exact condition, so let's only
enable it on that condition.
2022-10-11 15:33:41 +02:00
Martin Weinelt
9328b7eebf
nixos/release-combined: Build graphical ISOs for aarch64-linux 2022-10-11 15:33:41 +02:00
Martin Weinelt
cd5cc11918
nixos/release-combined: Move aarch64-linux to supportedSystems
The builders have had a good track record in the last year so this is
worth a try.
2022-10-11 15:33:41 +02:00
Martin Weinelt
534a2fd13a
nixos/release-small: Add aarch64-linux to supportedSystems
The aarch64-linux builders on hydra have had a good track in the last
year or so and I think it's a good idea to include them in the default
-small jobset.

This happens in preparation of improving the distribution of the
installer ISOs for aarch64-linux systems and advertise them more
prominently on the homepage.
2022-10-11 15:33:40 +02:00
Tom McLaughlin
0b67081ad8 Cherry-pick 499748b 2022-10-11 06:10:11 -06:00
Tom McLaughlin
9a7f38040b Fix user type 2022-10-11 06:04:25 -06:00
Tom McLaughlin
b744fee880 Re-add DynamicUser = true per review discussion 2022-10-11 06:04:25 -06:00
Tom McLaughlin
b3de807a6a Update descriptions to use lib.mdDoc 2022-10-11 06:04:25 -06:00
Tom McLaughlin
327e05c382 Get rid of DynamicUser flag 2022-10-11 06:04:25 -06:00
Tom McLaughlin
f13759e21f Fix a deprecated types.string -> types.str 2022-10-11 06:04:25 -06:00
Tom McLaughlin
998083f2ad github-runner: configurable user, environment, service overrides + multiple runners 2022-10-11 06:04:21 -06:00
Guillaume Girol
6fe43abcfc
Merge branch 'master' into tracee-use-new-wrapper 2022-10-11 09:57:23 +00:00
github-actions[bot]
aabca3ed54
Merge staging-next into staging 2022-10-11 06:17:43 +00:00
Anderson Torres
77c986e784
Merge pull request #190105 from impl/free-p4
p4: 2021.2.2201121 -> 2022.1.2305383, build from source and remove unfree binaries
2022-10-11 00:11:22 -03:00
github-actions[bot]
bc7a5b525c
Merge master into haskell-updates 2022-10-11 00:20:39 +00:00
github-actions[bot]
5d957f3dba
Merge staging-next into staging 2022-10-11 00:05:26 +00:00
Alyssa Ross
d165f7a513
nixos/installer: fix eval with missing config arg
Fixes: 4cdda329f0 ("nixos/modules/profiles/base.nix: omit zfs if unavailable")
2022-10-10 23:58:22 +00:00
Martin Weinelt
cf7f4393f3
Merge pull request #193494 from NixOS/staging-next 2022-10-11 01:12:59 +02:00
Sandro
e7625f9130
Merge pull request #195418 from Baitinq/description_in_gitolite_module 2022-10-11 00:51:48 +02:00
Adam Joseph
4cdda329f0 nixos/modules/profiles/base.nix: omit zfs if unavailable
The `boot.zfs.enabled` option is marked `readOnly`, so this is the only way to
successfully build a NixOS installer image for platforms that zfs does not build
for.

Co-authored-by: Alyssa Ross <hi@alyssa.is>
2022-10-10 22:41:57 +00:00
Baitinq
01faaeb4bd
nixos/gitolite: add 'description' module option
This option allows for the customization of the description of the
created gitolite user.

An example of this being useful is for the integration of gitolite with
cgit, which itself uses the gitolite user's description as the author of
the git repo displayed in its generated site.
2022-10-10 23:14:46 +02:00
Martin Weinelt
294201004f Merge remote-tracking branch 'origin/master' into staging-next 2022-10-10 21:45:18 +02:00
Martin Weinelt
5f20362a4a
nixos/tests: Use kea in networkd prefix-delegation test
With the announced EOL of the venerable ISC DHCP Server it is time to
migrate this test to Kea, it's successor.

The ISP has also received an upgrade to its interface configuration,
which now happens completely through networkd.

https://www.isc.org/blogs/isc-dhcp-eol/
2022-10-10 21:37:28 +02:00
Robert Kovacsics
c8eae7a526 nixos/gitlab-runner: Add gitlab-runner.clear-docker-cache service 2022-10-10 18:17:19 +01:00
Bernardo Meurer
6f004b7ed5
Merge pull request #195377 from ngkz/fork/ssh-askpass-wayland 2022-10-10 12:36:00 -03:00
Bernardo Meurer
499748bc04
Merge pull request #195003 from veehaitch/fix-github-runner-first-start 2022-10-10 12:35:24 -03:00
pacien
4e1ffaca01 nixos/neovim: add note about not loading init.vim
Neovim does not load the user configuration when enabled through the
module, unlike when the package is added to the home or system packages
directly. I think this difference is worth mentioning in the module's
documentation, because it was confusing to some friends.
2022-10-10 17:26:15 +02:00
Kazutoshi Noguchi
67246fbffa nixos/ssh: pass WAYLAND_DISPLAY to ssh-askpass 2022-10-11 00:15:49 +09:00
Bernardo Meurer
f5fb6e5755
Merge pull request #194496 from jansol/pipewire 2022-10-10 11:56:38 -03:00
Bernardo Meurer
ed22079db4
Merge pull request #195141 from zhaofengli/vbox-headless-wrappers 2022-10-10 11:45:40 -03:00
Artturin
7e49471316 treewide: optional -> optionals where the argument is a list
the argument to optional should not be list
2022-10-10 15:40:21 +03:00
Artturin
f4ea1208ec treewide: *Flags convert to list from str
*Flags implies a list

slightly relevant:
> stdenv: start deprecating non-list configureFlags https://github.com/NixOS/nixpkgs/pull/173172

the makeInstalledTests function in `nixos/tests/installed-tests/default.nix` isn't available outside of nixpkgs so
it's not a breaking change
2022-10-10 15:30:59 +03:00
github-actions[bot]
8d32772702
Merge staging-next into staging 2022-10-10 12:02:18 +00:00
github-actions[bot]
265121ef54
Merge master into staging-next 2022-10-10 12:01:42 +00:00
Cabia Rangris
c9e1ec215b
Merge pull request #195324 from zhaofengli/fwupd-config-merging
nixos/fwupd: Fix configuration file merging
2022-10-10 14:11:53 +04:00
Zhaofeng Li
bbbda58c4e nixos/fwupd: Fix configuration file merging 2022-10-10 00:01:32 -06:00
Kartik Gokte
8d5a404437 nixos/karma: init 2022-10-10 10:46:25 +05:30
github-actions[bot]
3e9022e45f
Merge master into haskell-updates 2022-10-10 00:19:47 +00:00
github-actions[bot]
e92f9b319a
Merge staging-next into staging 2022-10-10 00:04:21 +00:00
github-actions[bot]
535838d0a5
Merge master into staging-next 2022-10-10 00:03:49 +00:00
Noah Fontes
2576bb2c18
p4: 2021.2.2201121 -> 2022.1.2305383, build from source
The actual p4 command is open-source software released under the
2-clause BSD license, so we can build it here (for pretty much every
architecture we support!) and include it in the cache.

This change removes the server-side commands from this package, but they
are now available as part of a separate p4d package instead. (The server
package remains unfree.)

As an added bonus, we can also include the libraries and headers for the
C/C++ API, which will allow us to package any software that uses
Perforce as a library in the future.
2022-10-09 15:47:57 -07:00
Martin Weinelt
a0b341d690
Merge pull request #195230 from illustris/sssd-ldap 2022-10-10 00:34:26 +02:00
illustris
51b9e2857f
nixos/sssd: fix race condition in test 2022-10-10 03:48:52 +05:30
Martin Weinelt
829f89581a
Merge pull request #181764 from mweinelt/glibc-without-libcrypt 2022-10-09 21:07:26 +02:00
github-actions[bot]
3b37795067
Merge staging-next into staging 2022-10-09 18:02:10 +00:00
github-actions[bot]
44f6a02f39
Merge master into staging-next 2022-10-09 18:01:35 +00:00
Greizgh
987d2f575a nixos/seafile: avoid sleep in tests
Replace sleep statements with wait_until_succeeds
2022-10-09 13:31:13 -04:00
Jan Solanti
96dd839e8f pipewire: 0.3.58 -> 0.3.59 2022-10-09 20:17:42 +03:00
Franz Pletz
32e7482074
nixos/tests/shadow: new hashes support with libxcrypt 2022-10-09 18:09:41 +02:00
Sandro
f5802f496d
Merge pull request #187026 from azahi/endlessh-go 2022-10-09 16:50:02 +02:00
github-actions[bot]
3e675d06f5
Merge staging-next into staging 2022-10-09 12:02:02 +00:00
github-actions[bot]
8972888c55
Merge master into staging-next 2022-10-09 12:01:31 +00:00
Franz Pletz
8a86d9d4aa
Merge pull request #195190 from Ma27/coturn-replace-secret
nixos/coturn: refactor secret injection
2022-10-09 13:48:49 +02:00
Anderson Torres
ff92a56f77
Merge pull request #195057 from LeSuisse/sget-init
sget: init at unstable-2022-10-04
2022-10-09 08:40:44 -03:00
Yorick van Pelt
d34cf47881
guake: update release notes 2022-10-09 11:45:29 +02:00
Maximilian Bosch
2480532bd1
nixos/doc: fix build
Now we even have options like
`services.listmonk.database.settings."app.notify_emails"` shown
correctly (i.e. with quotes).
2022-10-09 10:13:21 +02:00
Maximilian Bosch
4ece171482
Merge pull request #194738 from mayflower/pi-tokenjanitor
nixos/privacyidea: add proper support for `privacyidea-token-janitor`
2022-10-09 09:50:20 +02:00
Maximilian Bosch
4fd75277dd
nixos/coturn: refactor secret injection
The original implementation had a few issues:

* The secret was briefly leaked since it is part of the cmdline for
  `sed(1)` and on Linux `cmdline` is world-readable.
* If the secret would contain either a `,` or a `"` it would mess with
  the `sed(1)` expression itself unless you apply messy escape hacks.

To circumvent all of that, I decided to use `replace-secret` which
allows you to replace a string inside a file (in this case
`#static-auth-secret#`) with the contents of a file, i.e.
`cfg.static-auth-secret-file` without any of these issues.
2022-10-09 09:31:48 +02:00
Sandro
21469bd965
Merge pull request #191198 from Moredread/nixpkgs-paperless
nixosTests.paperless: check if /metadata/ can be accessed
2022-10-09 08:49:28 +02:00
talyz
fae653deb4 nixos/gitlab: Configure ActionCable
ActionCable is used to provide realtime updates in a few places,
mainly the issue sidebar.
2022-10-09 08:12:19 +02:00
talyz
9b3ff51c77 nixos/gitlab: Set a more appropriate type for extraConfig 2022-10-09 08:12:19 +02:00
talyz
58158100f7 nixos/gitlab: Make sure docker-registry starts after cert generation 2022-10-09 08:12:19 +02:00
talyz
8e8253ddb4 nixos/gitlab: Create registry state path 2022-10-09 08:12:19 +02:00
talyz
3dedfb3fa0 nixos/gitlab: Connect to redis through a unix socket by default
This gives us slightly higher security as you have to be in the gitlab
group to connect, and possibly a (very small) performance benefit as
well.
2022-10-09 08:12:19 +02:00
talyz
843082eb3a nixos/gitlab: Add findutils to runtime dependencies
Needed for the gitlab:cleanup:orphan_job_artifact_files rake task.
2022-10-09 08:12:19 +02:00
talyz
bee6e1dafa nixos/gitlab: Deduplicate runtime dependency listing 2022-10-09 08:12:19 +02:00
talyz
0211edd1ff nixos/gitlab: Add workhorse.config option 2022-10-09 08:12:19 +02:00
talyz
4df4d2a8ea genJqSecretsReplacementSnippet: Allow dots in attribute names...
...and escape quotation marks and backslashes.
2022-10-09 08:12:19 +02:00
github-actions[bot]
4567b99d17
Merge master into haskell-updates 2022-10-09 00:19:26 +00:00
github-actions[bot]
9104c83926
Merge staging-next into staging 2022-10-09 00:04:12 +00:00
github-actions[bot]
130aa9ca68
Merge master into staging-next 2022-10-09 00:03:29 +00:00
Vincent Haupert
4f442dde0e nixos/networkd: add new options
Systemd 250:

> DHCPv4 client support in systemd-networkd learnt a new Label= option
> for configuring the address label to apply to configure IPv4
> addresses.

> The [IPv6AcceptRA] section of .network files gained support for a new
> UseMTU= setting that may be used to control whether to apply the
> announced MTU settings to the local interface.

> The [DHCPv4] section in .network file gained a new Use6RD= boolean
> setting to control whether the DHCPv4 client request and process the
> DHCP 6RD option.

> The [DHCPv6] section in .network file gained a new setting
> UseDelegatedPrefix= to control whether the delegated prefixes will be
> propagated to the downstream interfaces.

> The [IPv6AcceptRA] section of .network files now understands two new
> settings UseGateway=/UseRoutePrefix= for explicitly configuring
> whether to use the relevant fields from the IPv6 Router Advertisement
> records.

> The [RoutingPolicyRule] section of .network file gained a new
> SuppressInterfaceGroup= setting.

> The IgnoreCarrierLoss= setting in the [Network] section of .network
> files now allows a duration to be specified, controlling how long to
> wait before reacting to carrier loss.

Systemd 246:

> systemd-networkd's [DHCPv4] section gained a new setting UseGateway=
> which may be used to turn off use of the gateway information provided
> by the DHCP lease. A new FallbackLeaseLifetimeSec= setting may be
> used to configure how to process leases that lack a lifetime option.
2022-10-09 00:54:42 +02:00
Vincent Haupert
4367b782bc nixos/networkd: deprecate IPv6Token=
> The IPv6Token= section in the [Network] section is deprecated, and
>> the [IPv6AcceptRA] section gained the Token= setting for its
>> replacement. The [IPv6Prefix] section also gained the Token= setting.
>> The Token= setting gained 'eui64' mode to explicitly configure an
>> address with the EUI64 algorithm based on the interface MAC address.
>> The 'prefixstable' mode can now optionally take a secret key. The
>> Token= setting in the [DHCPPrefixDelegation] section now supports all
>> algorithms supported by the same settings in the other sections.
2022-10-09 00:52:55 +02:00
Vincent Haupert
036489ffaa nixos/networkd: adapt dhcpV6Config
* Remove `ForceDHCPv6PDOtherInformation=`
* Add a missing `WithoutRA=` option

Systemd 250:

> The ForceDHCPv6PDOtherInformation= setting in the [DHCPv6] section
> has been removed. Please use the WithoutRA= and UseDelegatedPrefix=
> settings in the [DHCPv6] section and the DHCPv6Client= setting in the
> [IPv6AcceptRA] section to control when the DHCPv6 client is started
> and how the delegated prefixes are handled by the DHCPv6 client.
2022-10-09 00:21:05 +02:00
Vincent Haupert
bc8d6d8f96 nixos/networkd: DHCPv6PrefixDelegation -> DHCPPrefixDelegation
Adapt to changes introduced in Systemd 250:

> The [DHCPv6PrefixDelegation] section in .network file is renamed to
> [DHCPPrefixDelegation], as now the prefix delegation is also
> supported with DHCPv4 protocol by enabling the Use6RD= setting.

Replaces the `dhcpV6PrefixDelegationConfig` with
`dhcpPrefixDelegationConfig` and throws an error if the old option is
used.

Also adapt the respective IPv6 prefix delegation test.
2022-10-09 00:11:52 +02:00
Zhaofeng Li
6ed7e545ec nixos/virtualbox-host: Fix hardening with headless vbox
Fixes #157157.
2022-10-08 15:41:59 -06:00
github-actions[bot]
50515b668c
Merge staging-next into staging 2022-10-08 18:01:40 +00:00
github-actions[bot]
d2cd24fe6a
Merge master into staging-next 2022-10-08 18:01:07 +00:00
Thomas Gerbet
679cd3462f sget: init at unstable-2022-10-04
This binary was provided by the `cosign` package until now but it is in
the process of being removed, see https://github.com/sigstore/cosign/pull/2019

Since it might be removed during the 22.11 cycle we drop it
preventively. This will make possible security backports easier if we
need them.
2022-10-08 19:58:11 +02:00
Jörg Thalheim
b4bb571fa0 iwd: remove myself as maintainer 2022-10-08 16:50:37 +02:00
Artturi
f9f82fdb05
Merge pull request #194941 from Artturin/libxml2strict 2022-10-08 17:46:42 +03:00
Florian Klink
1780768449
Merge pull request #194684 from oxalica/fix/systemd-oomd-test
nixos/tests/systemd-oomd: fix and follows upstream tests
2022-10-08 16:09:45 +02:00
github-actions[bot]
cdfb8a30a4
Merge staging-next into staging 2022-10-08 12:02:12 +00:00
Robert Scott
68138bfb28 nixosTests.spark: give worker node 2G of memory
test currently failing due to OOM
2022-10-08 11:55:51 +01:00
Vladimír Čunát
6565abc264
Merge branch 'master' into staging-next 2022-10-08 10:20:07 +02:00
github-actions[bot]
6d4c324802
Merge master into haskell-updates 2022-10-08 00:19:10 +00:00
Vincent Haupert
941c79b620 nixos/github-runner: fix bugs related to InaccessiblePaths=
This commit fixes two bugs:

1) When starting a github-runner for the very first time, the
   unconfigure script did not copy the `tokenFile` to the state
   directory. This case just was not handled so far. As a result, the
   runner could not configure. The unit did, however, fail even before
   as the state token file is configured as inaccessible for the service
   through `InaccessiblePaths=`. As the given path did not exist in the
   described case, setting up the unit's namespacing failed.

2) Similarly, the `tokenFile` is also marked as not accessible to the
   service user. There are, however, cases where other namespacing
   options make the files inaccessible even before `InaccessiblePaths=`
   kicks in; thus, they appear as non existing and cause the namespacing
   to fail yet again. Prefixing the entry with a `-` causes Systemd to
   ignore the entry if it cannot find it. This is the behavior we want.

I also took fixing those bugs as a chance to refactor the unconfigure
script to make it easier to follow.
2022-10-08 01:32:55 +02:00
Nick Cao
309ea5a1af nixos/udev: allow marking firmware as not compressible 2022-10-07 19:40:58 +00:00
Bernardo Meurer
34c73b3fb6
Merge pull request #194391 from guibou/fast_haskell_ghc_with_packages 2022-10-07 14:31:25 -03:00
Artturin
09226fffcf nixosOptionsDoc: buildInputs -> nativeBuildInputs
to make strictDepsByDefault work
2022-10-07 19:26:22 +03:00
Janne Heß
73d9371886
Merge pull request #194395 from helsinki-systems/upd/openssh
[staging] openssh: 9.0p1 -> 9.1p1
2022-10-07 18:21:21 +02:00
Guillaume Bouchard
a2cd604de9 nixos/doc: add release-notes entries for lib.closePropagation changes 2022-10-07 18:04:17 +02:00
Lin Jian
437f73dd54
nixos/systemd-boot: fix entry match condition in remove_old_entries
Before this patch, the entry match condition always fails, causing all
entries being removed. The error is not noticed because later they are
re-generated.
2022-10-07 20:43:48 +08:00
Florian Klink
1224368495 nixosTests.nscd: init, move DynamicUser test into there
nixosTests.systemd is quite heavy, it requires a full graphical system,
which is quite a big of a rebuild if the only thing you want to test is
whether dynamic users work.

This is now moved to an `nscd` test, which tests various NSS lookups,
making extra sure that the nscd path is tested, not the fallback path
(by hiding /etc/nsswitch.conf and /etc/hosts for getent).

nixosTests.resolv is removed. It didn't check for reverse lookups,
didn't catch nscd breaking halfway in between, and also had an
ambiguous reverse lookup - 192.0.2.1 could either reverse lookup to
host-ipv4.example.net, or host-dual.example.net.
2022-10-07 14:19:56 +02:00
Lin Jian
642323930e
nixos/systemd-boot: correctly find gen_number for specialisation
Before this patch, the gen_number found by regex contains
"-specialisation-foo" if specialisation is used. As a result, applying
int() to gen_number raises ValueError, causing entries containing
a specialisation part not being removed.
2022-10-07 19:28:43 +08:00
Christian Kögler
aff16d8bc8
Merge pull request #190052 from JasonWoof/acme-example
nixos/doc: fix acme dns-01 example
2022-10-07 12:53:15 +02:00
Alexander Bantyev
99cc02fe98
Merge pull request #193694 from cab404/fwupd-remote-list
nixos.fwupd: add remote list option
2022-10-07 14:23:19 +04:00
Mario Rodas
405db07799
Merge pull request #167047 from helsinki-systems/drop/postgresql10
postgresql: remove 10.x
2022-10-06 21:32:46 -05:00
github-actions[bot]
10f4d9bfdd
Merge master into haskell-updates 2022-10-07 00:23:30 +00:00
sternenseemann
ac1f1ad0e0 haskell: support cross in generateOptparseApplicativeCompletions
Deprecate haskell.lib{,.compose}.generateOptparseApplicativeCompletion*
in favor of the newly added
haskell.packages.*.generateOptparseApplicativeCompletions (plural!)
which takes into account whether we are cross-compiling or not. If we
are, generating completions is disabled, since we can't execute software
built for a different platform.

The move is necessary, so we can receive the /same/ stdenv as the
package we are overriding in order to accurately check whether we can
execute produced binaries.

Resolves #174040.
Resolves #49648.
2022-10-07 00:37:53 +02:00
Cole Mickens
3d5d6fc78c
nixos: luksroot: toString-ify keyFileSize usage 2022-10-06 15:06:50 -07:00
Edward Tjörnhammar
a72e138b78 nixos/jfs: correct broken toplevel reference 2022-10-06 19:26:13 +00:00
github-actions[bot]
0b4912d905
Merge staging-next into staging 2022-10-06 18:03:42 +00:00
github-actions[bot]
c5f0d725df
Merge master into staging-next 2022-10-06 18:03:10 +00:00
Naïm Favier
52c58c8bbe
nixos/network-interfaces: reflect negative settings of proxyARP
Currently, setting `proxyARP` to true enables `proxy_arp`, but setting
it to false doesn't disable it. This is surprising and stateful.
2022-10-06 16:46:17 +02:00
Lucas Savva
49c0fd7d60 nixos/acme: Disable lego renew sleeping
Lego has a built-in mechanism for sleeping for a random amount
of time before renewing a certificate. In our environment this
is not only unnecessary (as our systemd timer takes care of it)
but also unwanted since it slows down the execution of the
systemd service encompassing it, thus also slowing down the
start up of any services its depending on.

Also added FixedRandomDelay to the timer for more predictability.
2022-10-06 10:30:24 -04:00
Lucas Savva
657ecbca0e nixos/acme: Make account creds check more robust
Fixes #190493

Check if an actual key file exists. This does not
completely cover the work accountHash does to ensure
that a new account is registered when account
related options are changed.
2022-10-06 10:30:24 -04:00
Lucas Savva
39796cad46 nixos/acme: Fix cert renewal with built in webserver
Fixes #191794

Lego threw a permission denied error binding to port 80.
AmbientCapabilities with CAP_NET_BIND_SERVICE was required.
Also added a test for this.
2022-10-06 10:30:24 -04:00
Sandro
2fca262fa0
Merge pull request #194271 from andersk/teleport-10 2022-10-06 15:36:47 +02:00
pennae
3826e303c6 nixos/firefox-syncserver: remove extra add_header
syncstorage-rs sets this header starting with 0.12.3.
2022-10-06 14:48:53 +02:00
pennae
f97c9d60e4 nixos/firefox-syncserver: proxyPass singleNode to 127.0.0.1
syncstorage-rs does not listen on ::1 unless explicitly configured.
2022-10-06 14:48:53 +02:00
pennae
8dc30e9e98 nixos/firefox-syncserver: set default for oauth verifier threads
the 0.12.1 update introduced a static thread pool for verifying oauth
tokens. set a reasonable default for self-hosted setups (10 threads).
2022-10-06 14:48:53 +02:00
github-actions[bot]
7dc2d52e3b
Merge staging-next into staging 2022-10-06 12:02:07 +00:00
github-actions[bot]
8d6fbd7341
Merge master into staging-next 2022-10-06 12:01:31 +00:00
Maximilian Bosch
15914eba85
nixos/privacyidea: fix manual build 2022-10-06 13:50:31 +02:00
Maximilian Bosch
ecaf6aed02
nixos/privacyidea: add proper support for privacyidea-token-janitor
`privacyidea-token-janitor`[1] is a tool which helps to automate
maintenance of tokens. This is helpful to identify e.g. orphaned tokens,
i.e. tokens of users that were removed or tokens that were unused for a
longer period of time and apply actions to them (e.g. `disable` or
`delete`).

This patch adds two new things:

* A wrapper for `privacyidea-token-janitor` to make sure it's executable
  from CLI. To achieve this, it does a `sudo(8)` into the
  `privacyidea`-user and sets up the environment to make sure the
  configuration file can be found. With that, administrators can
  directly invoke it from the CLI without additional steps.

* An optional service is added which performs automatic cleanups of
  orphaned and/or unassigned tokens. Yes, the tool can do way more
  stuff, but I figured it's reasonable to have an automatic way to clean
  up tokens of users who were removed from the PI instance. Additional
  automation steps should probably be implemented in additional
  services (and are perhaps too custom to add them to this module).

[1] https://privacyidea.readthedocs.io/en/v3.7/workflows_and_tools/tools/index.html
2022-10-06 11:43:20 +02:00
Jörg Thalheim
988c9130e1
Merge pull request #193767 from winterqt/update-dendrite
dendrite: 0.9.9 -> 0.10.1
2022-10-06 09:28:32 +02:00
github-actions[bot]
0cb28ea28a
Merge staging-next into staging 2022-10-06 06:05:52 +00:00
github-actions[bot]
863df54d13
Merge master into staging-next 2022-10-06 06:05:17 +00:00
oxalica
9fca212c84 nixos/tests/systemd-oomd: fix and follows upstream tests
The current test triggers the kernel OOM killer and doesn't work well.
2022-10-06 09:48:13 +08:00
Stanisław Pitucha
4a6979d310
Merge pull request #194603 from phiadaarr/jitsiVideobridge
jitsi-videobridge: fix link in docs
2022-10-06 12:19:43 +11:00
06kellyjac
becacf259d teleport: 9.1.2 -> 10.3.1
Dropped the roletester since it doesn't exist anymore

Co-authored-by: Anders Kaseorg <andersk@mit.edu>
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2022-10-05 13:52:20 -07:00
github-actions[bot]
8a69058a29
Merge staging-next into staging 2022-10-05 18:08:07 +00:00
github-actions[bot]
939050602c
Merge master into staging-next 2022-10-05 18:07:32 +00:00
Ian McFarlane
49c4a6d602 nixos/getty: mkdefault for etc/issue 2022-10-05 12:46:23 -04:00
José Luis Lafuente
396f4f05b9
nixos/tmate-ssh-server: init module (#192270)
* nixos/tmate-ssh-server: init module

Co-authored-by: Aaron Andersen <aaron@fosslib.net>
2022-10-05 17:34:30 +01:00
Philipp Arras
1e430612dc jitsi-videobridge: fix link in docs 2022-10-05 18:11:57 +02:00
oxalica
78f929c5a6 nixos/tests/systemd-initrd-luks-fido2: init 2022-10-05 08:22:53 -06:00
Zhaofeng Li
b9b454820a systemd/initrd: Add TPM modules into initrd
This improves the out-of-box experience of TPM2 unlocking at a
small (50K) overhead.
2022-10-05 08:22:53 -06:00
Zhaofeng Li
21bbef9548 nixos/luksroot: Reword message on FIDO2 support with systemd stage 1 2022-10-05 08:22:53 -06:00
Jamie McClymont
9e9637ecb6 nixos/tests/systemd-initrd-luks-tpm2: init 2022-10-05 08:22:51 -06:00
Zhaofeng Li
19c34ac44b systemd/initrd: Add files required by TPM2 and FIDO2 support to the initramfs 2022-10-05 08:22:14 -06:00
Zhaofeng Li
570824e102 systemd: Wrap in LUKS2 tokens
Update pkgs/os-specific/linux/systemd/default.nix

Co-authored-by: Janne Heß <janne@hess.ooo>
Co-authored-by: Ilan Joselevich <personal@ilanjoselevich.com>
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2022-10-05 08:22:14 -06:00
github-actions[bot]
855f2990f1
Merge staging-next into staging 2022-10-05 12:02:14 +00:00
github-actions[bot]
ebb7cf0268
Merge master into staging-next 2022-10-05 12:01:40 +00:00
Florian Klink
c1c406bc87
Merge pull request #191491 from oxalica/fix/systemd-initrd-modprobe
nixos/systemd-stage-1: include modprobe confg in initrd
2022-10-05 10:39:58 +02:00
Thiago Kenji Okada
d10f9fdccd
Merge pull request #193939 from thiagokokada/bump-retroarch
retroarch: 1.10.3 -> 1.11.0;  libretro: unstable-2022-04-21 -> unstable-2022-10-01
2022-10-05 09:00:37 +01:00
Milan Hauth
a1e9f1e036 nixos/firewall: move rpfilter from raw to mangle
fix wireguard (wg-quick)

netfilter packet flow:
raw.prerouting -> conntrack -> mangle.prerouting

rpfilter must be after conntrack
otherwise response packets are dropped
2022-10-05 09:50:56 +02:00
oxalica
3c92009868 nixos/tests/systemd-initrd-modprobe: init 2022-10-05 08:37:51 +08:00
github-actions[bot]
d426366b62
Merge staging-next into staging 2022-10-05 00:05:03 +00:00
Martin Weinelt
253ca4957d Merge remote-tracking branch 'origin/master' into staging-next 2022-10-05 00:44:16 +02:00
Robert Hensing
70ec3b9f54
Merge pull request #193498 from hercules-ci/nixos-doc-disambiguate-test-options
nixos/doc: disambiguate test option ids
2022-10-04 21:35:49 +01:00
Florian Klink
72911a27bb
Merge pull request #193502 from phaer/systemd-portabled
Support systemd-portabled
2022-10-04 21:39:39 +02:00
superherointj
2e19f2fa53 maintainers: remove superherointj 2022-10-04 14:06:48 -03:00
oxalica
dad24c51c1 systemd-no-tainted: init as regression test 2022-10-05 01:03:24 +08:00
superherointj
ef157b4b4c
Merge pull request #193376 from superherointj/package-k3s-1.25.2+k3s1
k3s: 1.25.0+k3s1 -> 1.25.2+k3s1
2022-10-04 13:11:41 -03:00
Janne Heß
a13e1e6277
openssh: 9.0p1 -> 9.1p1 2022-10-04 12:56:15 +02:00
Adam Joseph
c46bdcbaf2 nixos/lib/qemu-common.nix: set qemuSerialDevice for isMips64 2022-10-04 07:48:12 +00:00
Jan Tojnar
e14d1e1bc9
Merge pull request #192969 from jtojnar/extra-gsettings-strict
GNOME/Cinnamon/Pantheon: Clean up GSettings overrides and make strict
2022-10-04 00:59:08 +02:00
Scott Bronson
4db7061162
Sort the /etc/.clean file
Without sorting, the contents of /etc/.clean are likely to change on
every nixos-rebuild due to Perl's nondeterministic hash key ordering.
2022-10-03 14:11:17 -07:00
Christian Kögler
fd323dfe49
Merge pull request #194159 from foo-dogsquared/update-systemd-extraconfig-module-doc
nixos/systemd: update extraConfig description
2022-10-03 21:56:25 +02:00
Sandro
b70049a463
Merge pull request #183349 from Luflosi/rename-ipfs-to-kubo 2022-10-03 21:34:14 +02:00
David Morgan
bd62717fd3
libinput: Add tappingButtonMap option (#189612)
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2022-10-03 21:13:43 +02:00
Sandro
1385382014
Merge pull request #191532 from ambroisie/add-tandoor-recipes 2022-10-03 20:25:06 +02:00
Bruno BELANYI
91ba8464f4 nixos/tandoor-recipes: add test 2022-10-03 09:48:54 +02:00
Bruno BELANYI
d8b1d34806 nixos/tandoor-recipes: init module 2022-10-03 09:48:54 +02:00
Gabriel Arazas
292aab9822 nixos/systemd: update extraConfig description 2022-10-03 11:17:41 +08:00
github-actions[bot]
0ae3aa5345
Merge master into staging-next 2022-10-02 17:45:43 +00:00
Graham Christensen
25acc1d800
Merge pull request #190014 from fgaz/vengi-tools/0.0.21
vengi-tools: 0.0.20 -> 0.0.21
2022-10-02 13:04:45 -04:00
superherointj
3d200bd959 nixos/tests/k3s: fix tests
* add superherointj as maintainer
2022-10-02 13:01:47 -03:00
piegames
ec5f7d48ab
Merge pull request #194058: Disable checkMeta by default again 2022-10-02 18:00:48 +02:00
Jörg Thalheim
ffde4721ab
Merge pull request #194052 from rapenne-s/fail2ban_doc
nixos/fail2ban: improve module documentation
2022-10-02 17:09:43 +02:00
Luflosi
eefaaf41d6
kubo: rename from ipfs
Go-IPFS was renamed to Kubo in version 0.14.0, see https://github.com/ipfs/kubo/issues/8959.
2022-10-02 16:00:22 +02:00
Profpatsch
1600cba863 Disable checkMeta by default again.
This caused too many downstream projects to break, so we are reverting
this change for now, until further transition fixes are in place.

See discussion in https://github.com/NixOS/nixpkgs/pull/191171

This reverts part of 6762de9a28
2022-10-02 14:28:40 +02:00
github-actions[bot]
fc393d5731
Merge master into staging-next 2022-10-02 12:01:22 +00:00
Solene Rapenne
605a588ea6 nixos/fail2ban: improve module documentation 2022-10-02 12:59:54 +02:00
06kellyjac
1a90756aa7 tracee: 0.7.0 -> 0.8.3
Also simplified the package since after #176152 the tracee build process can
now pass in a -target of bpf without weird overrides
2022-10-02 11:45:08 +01:00
Christian Kögler
6845ddc94b
Merge pull request #192864 from alyaeanyx/nix-serve-package-option
nixos/nix-serve: add package option
2022-10-02 11:39:28 +02:00
Craig Hall
a4995b6f0a nixos/polkit: Add debug option 2022-10-02 10:13:04 +01:00
github-actions[bot]
e879e7d54e
Merge master into staging-next 2022-10-02 00:04:43 +00:00
Sandro
f01f3c83d2
Merge pull request #192615 from gador/pgadmin-6.14 2022-10-01 23:53:36 +02:00
figsoda
a1d50eecab
Merge pull request #193132 from figsoda/clean-up
treewide: clean up
2022-10-01 17:03:11 -04:00
Florian Brandes
2cf3003858 pgadmin4: 6.13 -> 6.14
include fix for flask-security-too update

Signed-off-by: Florian Brandes <florian.brandes@posteo.de>
2022-10-01 21:56:03 +02:00
Maximilian Bosch
3df3bbdc50
nixos/nixos-build-vms: fix eval
Within #193485 (and the previous changes) the internal structure of the
testing driver was changed. Since then, `makeTest` returns the
attributes for the VM test(s) (including `driverInteractive`) inside a
sub-attribute called `test`, so without this change running
`nixos-build-vms` would fail like this:

    error: attribute 'driverInteractive' missing
2022-10-01 20:34:01 +02:00
Robert Hensing
534e5629af nixos/tests/make-test-python.nix: Restore stand-alone invocation
It's an ugly solution (like before), but some of us want to

    nix-build nixos/tests/foo.nix

This PR makes that possible once more for tests are wired with `make-test-python.nix`.
2022-10-01 16:43:42 +02:00
Maximilian Bosch
d41b381310
nixos/release-notes: document fetchNextcloudApp changes 2022-10-01 16:33:32 +02:00